The Current State of RegTech – A Q&A with Jordan Schwartz
With new RegTech solutions coming to market every year, it can be difficult to keep up with current trends and emerging technologies. We speak to Cordium’s Head of Software, Jordan Schwartz, to gain a better understanding of the challenges RegTech is addressing and the ways in which it is doing so.
Q1: How do RegTech solutions help businesses stay current with regulatory requirements?
A: “Staying current” with regulatory requirements means understanding both evolving obligations and new regulations as well as established rules and deadlines.
A basic starting point for staying up-to-date with new and evolving obligations is to simply aggregate updates from multiple regulator and authority sources and interpret the new rules to determine the impact they will have on the firm’s business. There are a wide variety of web crawler technologies that automate the aggregation function by parsing through RSS feeds and websites. Platforms are also available to help identify changes between original draft legislation and final rules, or match relevant clauses through the various stages of the process.
When it comes to staying on top of established obligations, having the right tools to simplify administrative processes can be crucial. Many solutions offer firms the ability to manage their regulatory reporting with employee trade monitoring (direct feeds, pre-clearance, and automated trade review), employee communications reviews, filings, attestations, gift and political contribution reporting, and more. These functions allow firms to collate the appropriate information, present it to the regulator in the correct format, and manage the workflow in between.
Q2: How do most RegTech solutions work?
A: Most RegTech solutions follow a similar process flow which can typically be broken down into five broad categories:
- They aggregate data from various sources.
Specialist vendors may collect data from different sources depending on the problem they are trying to solve. They help to aggregate employee trading details from retail brokerage accounts via APIs (or Application Programming Interface), consolidate electronic communications for record keeping and trade reconstruction purposes, crawl feeds for regulatory updates, or track employee training requirements.
- Once captured, this data needs to be stored.
Data storage techniques have also evolved significantly to make life easier. Whether that means WORM (write once read many) drives, cloud services, NoSQL / Big data architectures, or distributed ledger technologies – each has its own advantages that could benefit your firm depending on the use case. However, such techniques must comply with requirements around data privacy, security, sovereignty, integrity, etc.
- Users will then need the ability to analyze that data.
A variety of tools are available for analysis that range from basic queries through to sophisticated analytics (machine learning, AI) and visualizations to help compliance officers detect trends, patterns, or correlate events. New technologies have enabled faster and more scalable analyses for larger datasets.
- Many RegTech solutions will allow you to manage documents, workflows and interactions.
Managing workflows is perhaps less glamorous than other applications of technology, but nonetheless very effective. Digitizing traditional paper-based processes (i.e. filling in forms, capturing signatures to complete and sign attestations, and submitting documents to regulators) can produce significant efficiencies. Solutions in this area will usually manage each process step and work backwards from a deadline to provide users with notifications to ensure timelines are met.
- Finally, many firms will need to present information to regulators (reports, filings or attestations) in a required format and within defined timeframes.
Reporting is the function that ties together many of those processes already mentioned. Once the data is aggregated from various sources, stored, analyzed, and the progress tracked, you can run easy-to-read reports to demonstrate your firm’s compliance to regulators at any time.
Q3: Which existing regulatory compliance requirements would benefit most from continued innovation?
A: Use cases requiring large amounts of data to be analyzed stand to reap big benefits from innovations in data science. Anti-money laundering and market abuse are two of the most obvious applications of these emerging technologies. The evolution of voice recognition and natural language processing also open up new means of data collection. By analyzing these large data sets, machine learning algorithms can support compliance professionals by detecting suspicious behavior that may require further investigation.
The regulatory reporting function is another area that could eventually be disrupted. Blockchain technology, or distributed ledger technology, can transform the way digital identities and reputational information can be managed – with implications for KYC (Know your customer) obligations.
Also, increased adoption of APIs across the industry can enable data to be shared in controlled environments. Traditionally, data is reported to regulators and stored centrally for further investigation and analysis (one notable example being the Consolidated Audit Trail in the US). There may come a day where firms will be able to provide direct access to their environments via secure APIs to support regulatory investigations.
Q4: How have regulators played a role in the development and adoption of RegTech? How will this relationship continue to grow?
A: Intentional or not, regulators are continually playing a key role in the evolution of RegTech. They’ve set increasingly higher standards in record keeping, monitoring, surveillance and reporting, triggering demand for technical, scalable and automated solutions.
At the same time, regulators are also taking an active role in promoting and mandating IT best practices through their continued interest in areas such as cybersecurity and data privacy. They too have become users of RegTech solutions as they gain access to larger pools of higher quality data through newly-implemented reporting regimes (i.e. MiFID II in Europe and the Consolidated Audit Trail in the US). This data can fuel investigations and may prompt the use of more automated analysis such as AI and machine learning algorithms to help detect potential incidents of non-compliance.
Finally, and most recently, the emergence of RegTech has meant many regulators are now recognizing the need to get the financial community collaborating in a way that promotes efficient use of technology to address common challenges. A good example is the series of TechSprints organized by the Financial Conduct Authority (FCA) in the UK. These events group together relevant industry participants, including regulators, regulated entities, and solution providers to see how common challenges can be addressed in the most effective way possible.
Q5: What key questions should firms ask when searching for RegTech solutions?
A: In order to get the best results from technology spend, firms will need to ask themselves some basic questions. The first question always has to be “What problem am I looking to solve?” Without properly defining the problem, it is easy for technology projects to drift from core requirements. Although it’s tempting to get carried away with the potential of emerging technologies, the truth is that simple software solutions will normally have the biggest impact and return on investment.
Managers will also need to ask themselves “How easy is this technology to implement and support?” which would cover a range of sub-questions, such as:
- “How easy is it to populate the system with data?”
- “How long will it take to go through user acceptance testing and train my employees to use the system?”
- “What level of support will my vendor offer through their service level agreements?”
Last but not least, data security is an increasingly important question that all firms have to consider. From access control protocols, through to use of data encryption, meeting data sovereignty obligations, and incident response protocols – all aspects of data security and privacy (including people, process and technology) must be taken into account.
These are questions we are always asking ourselves as a provider of RegTech applications and an advisor on solution architecture. We strive to stay focused on business outcomes, make sure processes are optimized, risks mitigated and the chosen technical solution is easy to implement, operate and support. If you’d like to speak with us about any of our technology products or are just looking for some advice, please contact us.